Tutorial 11 Flashcards
Black Hat Hackers:
Malicious hackers who break into systems to steal, destroy, or exploit
data. Their intent is criminal or harmful, such as stealing credit card numbers or spying on
organizations.
Botnets:
Networks of infected computers (zombies) controlled remotely by cybercriminals.
Used to send spam, execute DDoS attacks, or distribute malware.
Distributed Denial of Service (DDoS) Attack:
A cyberattack that floods a server or
network with massive traffic from multiple sources. The goal is to crash or cripple the service,
making it unavailable to legitimate users.
Encryption:
The process of converting data into a coded form to prevent unauthorized
access. Only someone with the decryption key can read the original data.
Firewalls:
Software or hardware that filters and blocks unauthorized access to or from a
private network. Acts as a barrier between a trusted internal network and untrusted external
networks.
Malware:
Short for malicious software (e.g., viruses, worms, trojans). Designed to damage
or disable systems, steal data, or spy on users.
Phishing:
A type of social engineering where attackers trick users into revealing sensitive
info (e.g. passwords). Often done through fake emails or websites posing as legitimate
entities.
Social Engineering:
The use of manipulation or deception to trick people into breaking
security procedures. An example would be pretending to be IT support, or using personal
knowledge to gain trust.
Spyware:
Software that secretly gathers user data without permission. Often bundled with
free downloads or disguised as legitimate software.
White Hat Hackers:
Ethical hackers who test and identify vulnerabilities in systems to help
improve security. Hired by companies for penetration testing or audits.
Motivations for attacks:
-Financial theft
-Identity theft
-Revenge
-Espionage
-Cyberwarfare
-Terrorism
-Protest (hacktivism)
-Pranks
Criminal ecosystem:
Data harvesters sell to fraudsters in a sophisticated market
Botnets and DDoS attacks are common tools used to launch widespread and disruptive attacks
Insider threats and nation-state actors are particularly dangerous
Cyberwarfare is real and increasing
Vulnerabilities
⇒ exist in every system touchpoint: software, hardware, user behaviour
●Common attack vectors:
-Phishing, social engineering
-Malware, SQL injection, website compromises
-Lost/stolen devices, unpatched software
●Security awareness and basic controls can help significantly
Taking Action - For Individuals:
Surf smart, stay updated, use antivirus and firewalls, encrypt data, manage
passwords wisely, and back up data
Taking Action - For Organizations:
-Use frameworks like ISO 27000 series, PCI DSS, HIPAA, etc.
-Realize that compliance isn’t security
⇒ security requires a culture of continuous vigilance
-Implement access control, firewalls, honeypots, intrusion detection, patch
management, and audits
-Develop recovery and incident response plans
-Engage employees at every level, from the boardroom to interns
Factors driving insider risk
●Growth in IT complexity and outsourcing
●Use of personal devices and social media
●Motivations: revenge, money, ideology, coercion
Managers in the Dark:
●Managers are largely ignorant of insider threats
●They view security as somebody else’s job – usually the IT department’s
-Few managers recognize the importance of observing unusual employee
behaviour to obtain advance warning of attack
●Few IT groups are given guidance regarding which information assets are most
critical, what level of risk is acceptable, or how much should be invested to prevent
attacks
Common practices that don’t work:
-Access controls ⇒ rules that prohibit people from using corporate devices for
personal tasks will not keep them from stealing assets
-Vulnerability management ⇒ security patches and virus checkers will not
prevent or detect access by malevolent authorized employees or third parties
using stolen credentials
-Strong boundary protection ⇒ putting critical assets inside a hardened
perimeter will not prevent theft by those authorized to access the protected
systems
-Password policy ⇒ mandating complex or frequently changed passwords
means that they often end up on post-it notes – easy pickings for someone
with physical access
-Awareness programs ⇒ Simply requiring employees to read the company’s
IT security policy annually will not magically confer cyber awareness on them.
Nor will it prevent staff members from taking harmful actions
Recommended Actions:
- Develop insider policies: Clear, enforced, understood at all levels
- Monitor behaviours: Track access, detect anomalies, and perform audits
- Screen vendors and hires: Check for red flags in background and behaviour
- Promote culture of awareness: Make cybersecurity a shared responsibility like
safety or quality
- Limit access & privileges: Use “least privilege” principle – employees only get
access to what they need ⇒ regularly audit high-privilege accounts
- Use real-time detection tools: Focus on exfiltration detection, not just infiltration
How can an employee or vendor be the biggest threat?
●Legitimate access: Insiders already have access to systems, unlike external
hackers
●Vendors and contractors may use shared credentials or be loosely monitored
●Unintentional risks: Employees can fall for phishing, lose devices, or use insecure
apps
●Malicious insiders: Disgruntled employees may intentionally sabotage or steal data
Motivations behind insider cyber threats:
-Financial Gain – Selling sensitive data on the dark web or blackmailing the company
-Revenge – Disgruntled employees wanting to harm the organization
-Recognition or Ego – Showing off technical prowess or power
-Ideology/Activism – Political or ethical motives
-Coercion/Blackmail – Forced to act by external threats
-Loyalty to Others – Assisting someone else, e.g., a family member or third party